EncodingUtil

encodeXSS

This helper method helps prevent cross-site scripting (XSS)
vulnerabilities. Any Servlet or JSP that sends user input (e.g. query
parameters in HTTP requests) to be rendered in a user's browser needs to
use this method to encode that input. This ensures that any HTML in the
input (malicious or otherwise) is shown as text rather than interpreted or
executed by the browser. This is achieved by converting characters to their
HTML-escaped form. For example, '&' is converted to '&#38;'.
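
The conversion described above, as an added example (not EncodingUtil's own code). The class and method names are hypothetical, and the set of escaped characters is an assumption: the page confirms only that '&' becomes '&#38;'.

```java
// Added illustration; HtmlEncodeExample and encodeForHtml are hypothetical
// names, not EncodingUtil's real API or implementation.
public class HtmlEncodeExample {

    // Assumption: these five characters are the ones escaped. The page only
    // confirms the '&' case; the others use the same decimal-entity form.
    private static final String SPECIAL = "&<>\"'";

    static String encodeForHtml(String input) {
        if (input == null) {
            return "";  // render a missing parameter as empty text
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (SPECIAL.indexOf(c) >= 0) {
                // Decimal numeric entity built from the character code.
                out.append("&#").append((int) c).append(';');
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample standing in for a query parameter value.
        String name = "<i title=\"x\">Tom & Jerry's</i>";

        // Unencoded: the browser would parse the value as an element.
        System.out.println("<p>Hello, " + name + "</p>");

        // Encoded: the same value reaches the browser as literal text.
        System.out.println("<p>Hello, " + encodeForHtml(name) + "</p>");
    }
}
```

Entity encoding of this kind covers values placed in HTML text and quoted attribute values. Input written into a script block or a URL needs encoding suited to that context instead.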